Friday, October 29, 2010

the gay trojan?

Anyone who has had even the most basic knowledge about information security -- ideally everyone who has access to the Internet -- should know the term social engineering.Malware creators Cybercriminals love to do this, because it's been said that their main purpose now is all about the money (no longer for fame and bragging rights), and that whatever information we share over the net has a value in their underground economy. Scary, but hey, in any IT infrastructure, humans have always been the weakest link. Who wouldn't want to click on a link that promises a video a piano-playing kitty? Or open those "nude [insert name of female star] pics!" attachments on email messages?

Probably gay men?

A couple of weeks ago I was trying to correlate the supposed online dominance of women with how malware works these days (nosebleed-y but in a gist, it's supposed to explain why there are so many Facebook scams now; because women are primarily the main users of such sites). I asked Macky: "where are the gay malware?" In the seven years that I have been surrounded with tons of information about online threats -- how they arrive, how they work, why they exist, how they've evolved -- I've only encountered only two instances of malware attacks that are remotely gay-related: the Italian senate hack attack, wherein gay porn images where uploaded on the screens of all computers in the building; and the SOHANAD worm that promises pictures of Miss world candidates. Of course, the former is more of the payload rather than the lure, and the latter is actually treading the "farfetched" territory of my argument (but come on, who views beauty contest pictures?). And these incidents happened about four or so years ago, which means that since then, the threat landscape is generally... heterosexual.

It's either gay men are more security conscious, or they're also actually prone to social engineering techniques geared for the straight ones. I'd like think we're smarter though. LOL! Hello, do you think they'd fall for something like (some stereotypes ahead!):

Viagra spam, when they have pictures of heterosexual couples in the throes of passion? And unless one's a porn star, who needs 'em?

419 scams (you know, about some son of deposed ruler in Africa), when we're too self-absorbed to care and/or too driven and successful that we don't need reward money (we can earn $1M on our own dammit!)

Nude celeb pictures email messages, which often promises pictures of female celebs? Duh. And even if these messages promise a nude Brad Pitt pic, we've probably Googled those before (and with better resolution).

Cute kitties on YouTube? Probably... most gay men I know are dog people, though...

"OMG is this you in this pic/video?" wall post in Facebook? Hm. Okay I admit this has a "highly likely" potential. *naugthy grin*

Then again, perhaps there's this reason: cybercriminals don't see an ROI in the supposed Pink Peso/Dorothy Dollar. At least, no yet. Sure, some market research studies (which the bad guys may also have access) are projecting the buying power of gay men to skyrocket in the near future, if not already. But perhaps we're still a niche market. I guess we're lucky in that aspect?

That's not to say that one should be complacent though. There are threats that arrive in other means (hello there, software bugs, flash disks, and bogus porn/torrent search results!).

And like I said, for all I know maybe most guys already fall for the cheapest tricks that no sophisticated targeting is required. But I know we're much better than that right? ;)